Wendy's announced Saturday that the hack had reached more stores and used different technology than previously believed.

Mike Blake/Reuters/File

A Wendy's sign and logo are shown at one of the company's restaurant in Encinitas, California May 10, 2016. The company announced Saturday that hackers had access to credit card numbers, names, expiration dates, and codes for credit cards used at Wendy's restaurants since fall 2015.

Loading...

July 9, 2016

By StaffAssociated Press

DUBLIN, Ohio

Wendy's recently announced that hackers were able to steal customers' credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought.

Wendy's first reported unusual payment card activity affecting some franchise-owned restaurants in February 2016. On Saturday, the company reported that an additional malware variant had been identified and disabled.

The hamburger chain said hackers have had access to card numbers, names, expiration dates, and codes on the card, since late fall.

"We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy's restaurants," said Todd Penegor, president and chief executive officer, in a statement.

The Dublin, Ohio, company first announced it was investigating a possible hack in January. In May, it said malware was found in fewer than 300 restaurants. About a month later, it said two types of malware were found and the number of restaurants affected was "considerably higher."

The fast-food chain encouraged customers to watch for unauthorized charges on their cards. Generally, if you report unauthorized charges in a timely manner to the bank or credit card company that issued your card, you are not responsible for those charges.

In a corporate statement, Wendy's said the criminal cyberattacks resulted from service providers' remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees' point-of-sale systems.

According to the company, the malware was first deployed in late fall 2015 and it was disabled by early spring 2016.